On Tue, Mar 28, 2017 at 03:36:40PM +0100, Tony Finch wrote:
> Chris Thompson just mentioned to me another reason for dropping support
> for RSAMD5: it uses a different DNSKEY tag calculation, which implies that
> dropping support should simplify validators more than dropping other
> algorithms.

To be clear, for the benefit of those not in the room yesterday, I do *not* object to deprecating RSAMD5, I agree with the "MUST NOT" in the signer column, and that it's pointless to support it in new validator implementations. My problem is with elevating "pointless" to the force of a "MUST NOT". I think it should be reduced in force to "OPTIONAL", "NOT RECOMMENDED", or even "SHOULD NOT". Kill it on the supply side.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
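
The different tag calculation mentioned in the quoted text, as an added example that is not part of the original message: RFC 4034 Appendix B defines the key tag as a checksum over the DNSKEY RDATA, with algorithm 1 (RSAMD5) as the one special case a validator has to branch on. The key bytes are constructed toy values, and the function names are chosen for this illustration.

```python
import struct

RSAMD5 = 1  # DNSSEC algorithm number 1


def dnskey_rdata(flags, protocol, algorithm, public_key):
    """Wire-format DNSKEY RDATA: flags(2) | protocol(1) | algorithm(1) | key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B, including the algorithm 1 case."""
    if len(rdata) < 4:
        raise ValueError("DNSKEY RDATA shorter than its fixed header")
    if rdata[3] == RSAMD5:
        # Special case: the most significant 16 of the least significant
        # 24 bits of the RSA modulus, which sits at the end of the RDATA.
        if len(rdata) < 7:
            raise ValueError("RSAMD5 key too short for a key tag")
        return (rdata[-3] << 8) | rdata[-2]
    # Every other algorithm: a 16-bit checksum over the whole RDATA.
    acc = 0
    for i, octet in enumerate(rdata):
        acc += octet << 8 if i % 2 == 0 else octet
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def candidate_keys(rrsig_algorithm, rrsig_key_tag, dnskeys):
    """DNSKEYs a validator would try for an RRSIG: same algorithm and tag.
    The tag is only a hint, so every matching key is returned."""
    return [k for k in dnskeys
            if k[3] == rrsig_algorithm and key_tag(k) == rrsig_key_tag]


# Constructed toy key material (not a real RSA key):
# exponent length 3, exponent 65537, then an 8-octet stand-in modulus.
TOY_KEY = bytes.fromhex("03010001") + bytes.fromhex("c1a2b3c4d5e6f709")
KEY_ALG8 = dnskey_rdata(256, 3, 8, TOY_KEY)
KEY_ALG1 = dnskey_rdata(256, 3, RSAMD5, TOY_KEY)

if __name__ == "__main__":
    for name, rdata in (("algorithm 8", KEY_ALG8), ("algorithm 1", KEY_ALG1)):
        print(name, "key tag:", key_tag(rdata))
```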